From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 99F2D8E9D for ; Fri, 23 Jun 2023 09:00:33 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 7989D2F2CD for ; Fri, 23 Jun 2023 09:00:03 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Fri, 23 Jun 2023 09:00:02 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 5CD4742D94; Fri, 23 Jun 2023 09:00:02 +0200 (CEST) Message-ID: <54b1c171-0580-155f-d61c-ee88ca322db2@proxmox.com> Date: Fri, 23 Jun 2023 08:59:58 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: Proxmox VE development discussion , Wolf Noble References: Content-Language: de-AT, en-GB From: Thomas Lamprecht Autocrypt: addr=t.lamprecht@proxmox.com; keydata= xsFNBFsLjcYBEACsaQP6uTtw/xHTUCKF4VD4/Wfg7gGn47+OfCKJQAD+Oyb3HSBkjclopC5J uXsB1vVOfqVYE6PO8FlD2L5nxgT3SWkc6Ka634G/yGDU3ZC3C/7NcDVKhSBI5E0ww4Qj8s9w OQRloemb5LOBkJNEUshkWRTHHOmk6QqFB/qBPW2COpAx6oyxVUvBCgm/1S0dAZ9gfkvpqFSD 90B5j3bL6i9FIv3YGUCgz6Ue3f7u+HsEAew6TMtlt90XV3vT4M2IOuECG/pXwTy7NtmHaBQ7 UJBcwSOpDEweNob50+9B4KbnVn1ydx+K6UnEcGDvUWBkREccvuExvupYYYQ5dIhRFf3fkS4+ wMlyAFh8PQUgauod+vqs45FJaSgTqIALSBsEHKEs6IoTXtnnpbhu3p6XBin4hunwoBFiyYt6 YHLAM1yLfCyX510DFzX/Ze2hLqatqzY5Wa7NIXqYYelz7tXiuCLHP84+sV6JtEkeSUCuOiUY virj6nT/nJK8m0BzdR6FgGtNxp7RVXFRz/+mwijJVLpFsyG1i0Hmv2zTn3h2nyGK/I6yhFNt dX69y5hbo6LAsRjLUvZeHXpTU4TrpN/WiCjJblbj5um5eEr4yhcwhVmG102puTtuCECsDucZ jpKpUqzXlpLbzG/dp9dXFH3MivvfuaHrg3MtjXY1i+/Oxyp5iwARAQABzTNUaG9tYXMgTGFt cHJlY2h0IChBdXRoLTQpIDx0LmxhbXByZWNodEBwcm94bW94LmNvbT7CwY4EEwEIADgWIQQO R4qbEl/pah9K6VrTZCM6gDZWBgUCWwuNxgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAK CRDTZCM6gDZWBm/jD/4+6JB2s67eaqoP6x9VGaXNGJPCscwzLuxDTCG90G9FYu29VcXtubH/ bPwsyBbNUQpqTm/s4XboU2qpS5ykCuTjqavrcP33tdkYfGcItj2xMipJ1i3TWvpikQVsX42R G64wovLs/dvpTYphRZkg5DwhgTmy3mRkmofFCTa+//MOcNOORltemp984tWjpR3bUJETNWpF sKGZHa3N4kCNxb7A+VMsJZ/1gN3jbQbQG7GkJtnHlWkw9rKCYqBtWrnrHa4UAvSa9M/XCIAB FThFGqZI1ojdVlv5gd6b/nWxfOPrLlSxbUo5FZ1i/ycj7/24nznW1V4ykG9iUld4uYUY86bB UGSjew1KYp9FmvKiwEoB+zxNnuEQfS7/Bj1X9nxizgweiHIyFsRqgogTvLh403QMSGNSoArk tqkorf1U+VhEncIn4H3KksJF0njZKfilrieOO7Vuot1xKr9QnYrZzJ7m7ZxJ/JfKGaRHXkE1 feMmrvZD1AtdUATZkoeQtTOpMu4r6IQRfSdwm/CkppZXfDe50DJxAMDWwfK2rr2bVkNg/yZI tKLBS0YgRTIynkvv0h8d9dIjiicw3RMeYXyqOnSWVva2r+tl+JBaenr8YTQw0zARrhC0mttu cIZGnVEvQuDwib57QLqMjQaC1gazKHvhA15H5MNxUhwm229UmdH3KM7BTQRbC43GARAAyTkR D6KRJ9Xa2fVMh+6f186q0M3ni+5tsaVhUiykxjsPgkuWXWW9MbLpYXkzX6h/RIEKlo2BGA95 QwG5+Ya2Bo3g7FGJHAkXY6loq7DgMp5/TVQ8phsSv3WxPTJLCBq6vNBamp5hda4cfXFUymsy HsJy4dtgkrPQ/bnsdFDCRUuhJHopnAzKHN8APXpKU6xV5e3GE4LwFsDhNHfH/m9+2yO/trcD txSFpyftbK2gaMERHgA8SKkzRhiwRTt9w5idOfpJVkYRsgvuSGZ0pcD4kLCOIFrer5xXudk6 NgJc36XkFRMnwqrL/bB4k6Pi2u5leyqcXSLyBgeHsZJxg6Lcr2LZ35+8RQGPOw9C0ItmRjtY ZpGKPlSxjxA1WHT2YlF9CEt3nx7c4C3thHHtqBra6BGPyW8rvtq4zRqZRLPmZ0kt/kiMPhTM 8wZAlObbATVrUMcZ/uNjRv2vU9O5aTAD9E5r1B0dlqKgxyoImUWB0JgpILADaT3VybDd3C8X s6Jt8MytUP+1cEWt9VKo4vY4Jh5vwrJUDLJvzpN+TsYCZPNVj18+jf9uGRaoK6W++DdMAr5l gQiwsNgf9372dbMI7pt2gnT5/YdG+ZHnIIlXC6OUonA1Ro/Itg90Q7iQySnKKkqqnWVc+qO9 GJbzcGykxD6EQtCSlurt3/5IXTA7t6sAEQEAAcLBdgQYAQgAIBYhBA5HipsSX+lqH0rpWtNk IzqANlYGBQJbC43GAhsMAAoJENNkIzqANlYGD1sP/ikKgHgcspEKqDED9gQrTBvipH85si0j /Jwu/tBtnYjLgKLh2cjv1JkgYYjb3DyZa1pLsIv6rGnPX9bH9IN03nqirC/Q1Y1lnbNTynPk IflgvsJjoTNZjgu1wUdQlBgL/JhUp1sIYID11jZphgzfDgp/E6ve/8xE2HMAnf4zAfJaKgD0 F+fL1DlcdYUditAiYEuN40Ns/abKs8I1MYx7Yglu3RzJfBzV4t86DAR+OvuF9v188WrFwXCS RSf4DmJ8tntyNej+DVGUnmKHupLQJO7uqCKB/1HLlMKc5G3GLoGqJliHjUHUAXNzinlpE2Vj C78pxpwxRNg2ilE3AhPoAXrY5qED5PLE9sLnmQ9AzRcMMJUXjTNEDxEYbF55SdGBHHOAcZtA kEQKub86e+GHA+Z8oXQSGeSGOkqHi7zfgW1UexddTvaRwE6AyZ6FxTApm8wq8NT2cryWPWTF BDSGB3ujWHMM8ERRYJPcBSjTvt0GcEqnd+OSGgxTkGOdufn51oz82zfpVo1t+J/FNz6MRMcg 8nEC+uKvgzH1nujxJ5pRCBOquFZaGn/p71Yr0oVitkttLKblFsqwa+10Lt6HBxm+2+VLp4Ja 0WZNncZciz3V3cuArpan/ZhhyiWYV5FD0pOXPCJIx7WS9PTtxiv0AOS4ScWEUmBxyhFeOpYa DrEx In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-SPAM-LEVEL: Spam detection results: 0 AWL -0.079 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [proxmox.com] Subject: Re: [pve-devel] health check uri for proxmox web front end? X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Jun 2023 07:00:33 -0000 Hi, Am 23/06/2023 um 00:33 schrieb Wolf Noble: > Im aware of the existing api face, however what exists now requires aut= hentication, and seems a little heavy for my intended use: >=20 > (hey, you alive? yes? cool! i=E2=80=99ll check again in a couple secon= ds)=20 >=20 > Ideally, there=E2=80=99d be a super lightweight check face that respond= s with a 200/ok, perhaps even with some light metadata cached from other = normal operations=E2=80=A6 We are normally reluctant when adding world-readable API calls, but one could imagine something like the "ping" one from PBS: https://pbs.proxmox.com/docs/api-viewer/index.html#/ping >=20 > the ideal (from my perspective) would be a target endpoint that require= s no auth, but the authorized calling hosts must be explicitly whiteliste= d for the node to respond to the query. >=20 > ideally logging of =E2=80=98good=E2=80=99 state request responses would= be optional. >=20 > ideally, data included in the response, and it=E2=80=99s acceptable fre= shness would also be configurable.. but i don=E2=80=99t want to overcompl= icate things either=E2=80=A6. >=20 > does such a mechanism exist already, and I just couldn=E2=80=99t find i= t? Well, you already got a proxy in-between and API tokens exists [0][1], so= you can always make a API path world-readable to all that can access the reve= rse proxy by adding a separate "virtual" URL path, that doesn't clash with ex= isting Proxmox VE ones, and make that point to the, e.g., node status endpoint [= 2] and make it add the API token, restricted to just auditing, on any request as= Authorization header. [0]: https://pve.proxmox.com/pve-docs/chapter-pveum.html#pveum_tokens [1]: https://pve.proxmox.com/wiki/Proxmox_VE_API#API_Tokens [2]: https://pve.proxmox.com/pve-docs/api-viewer/#/nodes/{node}/status >=20 > if not, is there already a feature request, or someplace this was alrea= dy discussed? >=20 Adding some health API call, that is less focused on the underlying host = system metrics, and more a central point to check if API and core services are u= p could be done, albeit certainly with requiring audit permissions on anyth= ing but a simple "yes API is there" (which can be figured out anyway by simply do= ing any API request, as even getting a permission denied is a good sign that API = is working). Anyhow, we should check closely what this endpoint should return and if i= t wouldn't be already covered by an existing ones (sorry, I do not have every one me= morised ^^) but the "/nodes/{node}/services" [3] might be also a candidate. [3]: https://pve.proxmox.com/pve-docs/api-viewer/index.html#/nodes/{node}= /services > =E2=80=94- TANGENT >=20 > another thought I had which seemed totally tangental at first blush was= wondering if the web ui for a cluster could additionally (ie not exclusi= vely) be served by a different class of node (i was thinking pi4=E2=80=99= s =E2=80=A6 ) the thought was that by having an =E2=80=98administrative f= unction only=E2=80=99 cluster node type could be a way to as a way to slo= wly build arm64 support=E2=80=A6=20 > =E2=80=A6 as i imagine this could be useful, but getting EVERYTHING wor= king on a dif arch is a monumentally complex task not likely to bear much= fruit terribly quickly, but I digress=E2=80=A6 If we do another architecture then with all of Proxmox VE's as otherwise = the stream of confusion and feature request will never end. FWIW, we evaluated arm64 in 2016, and the codebase is partially still con= taining the fundamentals for that, so community projects like Pimox [3] can exist, bu= t for us then the performance, boot situation and availability of server hardware = was just rather to disappointing them - and while the latter has improved a bit in= recent time, the boot situation and HW support is still rather bare bones. [4] https://github.com/pimox/pimox7 While not totally ruling some form of arm64 support out for the future, w= e're eyeing more towards RISC-V, an actual open architecture. > tia!=20 > I=E2=80=99ve been really happy with my proxmox experience over the last= several years=E2=80=A6.=20 >=20 > thanks for all the hard work you=E2=80=99ve done keeping proxmox such a= stable abstraction layer=E2=80=A6 its greatly appreciated. thank you for your kind words! regards, Thomas